-
Notifications
You must be signed in to change notification settings - Fork 0
78 lines (68 loc) · 2.8 KB
/
push-backend-to-ghcr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
name: Push backend container image to ghcr.io
on:
workflow_call:
inputs:
package:
required: true
type: string
jobs:
push-backend-to-ghcr:
permissions:
contents: read
packages: write
id-token: write
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
# Required by flakes
fetch-depth: 0
- name: Import secrets from Vault
uses: hashicorp/[email protected]
id: secrets
with:
url: https://vault.hackworth-corp.com
path: "github-actions"
role: primer-app-workflow-ghcr
method: jwt
secrets: |
secret/data/cachix/hackworthltd-private/github-workflows token | CACHIX_AUTH_TOKEN ;
- name: Install & configure Nix
uses: cachix/install-nix-action@v26
with:
extra_nix_config: |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hackworthltd.cachix.org-1:0JTCI0qDo2J+tonOalrSQP3yRNleN6bQucJ05yDltRI= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= loony-tools:pr9m4BkM/5/eSTZlkQyRt57Jz7OMBxNSUiMC4FkcNfk=
substituters = https://cache.nixos.org?priority=10 https://hackworthltd.cachix.org?priority=30 https://cache.iog.io?priority=40 https://cache.zw3rk.com?priority=50
- name: Configure Cachix for private Hackworth Ltd cache
uses: cachix/cachix-action@v14
with:
name: hackworthltd-private
authToken: '${{ env.CACHIX_AUTH_TOKEN }}'
skipPush: true
# Note: if this Nix derivation hasn't been built yet, it will
# kick off a Primer Nix build on a GitHub runner, which isn't
# ideal. (It will work, eventually, but it'll be very slow.)
# Therefore, make sure you don't deploy `primer-service` pins
# before they've been built by the `primer` repo.
- name: Fetch `primer-service` Docker image
run: |
nix build -L .#packages.x86_64-linux.primer-service-docker-image
- name: Authenticate to ghcr.io
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push image to ghcr.io
shell: bash
run: |
docker load < result
IMAGE=$(docker image list -f reference=primer-service --format "{{.Repository}}:{{.Tag}}")
TAG=$(docker image list -f reference=primer-service --format "{{.Tag}}")
echo "Loaded image: ${IMAGE}"
NAME="${{ inputs.package }}:$TAG"
docker tag "$IMAGE" "$NAME"
echo "Pushing image to ghcr.io: ${NAME}"
docker push "$NAME"
echo "Image pushed."